Another non-alternative to encryption

By Luther Martin — August 7, 2009

There seems to be yet another technology vendor that’s trying to claim that their approach to protecting data is better than encryption. They claim that this is true for the following reasons: that future processing power makes today’s encryption too weak; that key management is a big, unsolved problem; and that you still have problems with disclosure laws if you lose encrypted data. Key management is indeed still an unsolved problem, but the other two of these claims aren’t even close to being true.

As I’ve mentioned before, aside from assuming that quantum computing eventually becomes a reality, there’s absolutely no way to make a set of reasonable assumptions that lead you to believe that it will ever be possible to defeat the protection provided by 128 bits of cryptographic security. Even if you scale up today’s most powerful computers by factors of millions, you’ll find yourself watching the continents collide as they drift around the surface of the Earth or the Andromeda galaxy collide with the Milky Way as you wait for this hypothetical computer to find a single key.

There are well-defined standards for exactly how strong a key to use, and this is based on when you’re going to encrypt the data and how long you need it to be protected. In the case of 128 bits of strength, this is anticipated to be good for the foreseeable future, so the claim that future processing power makes today’s encryption too weak isn’t even close to being true.

(Even if you assume that quantum computing eventually becomes a reality, it doesn’t really affect symmetric algorithms that much. It just cuts the number of bits of security in half, reducing 256 bits of strength down to 128 bits of strength, so that 256-bit symmetric keys are still secure if quantum computers are available.)

The claim that losing encrypted data will still cause you disclosure problems also isn’t true. Disclosure laws require you to notify the victims of a breach if you lose unencrypted data, not if you lose encrypted data, and this makes perfect sense. Encrypted data is indistinguishable from random bits: if you give an adversary who has unlimited computing power both a ciphertext and a block or random bits, he can’t find an efficient way to tell the difference between the two. So not requiring companies to disclose the loss of encrypted data is perfectly reasonable. It would be just as meaningful to require them to notify people about the disclosure of the output of a random number generator.

The products that people are trying to sell that can act as alternatives to encryption may have advantages over encryption in some situations, but these certainly don’t relate to the alternatives being more secure than encryption or the nature of existing disclosure laws.